michaelschiemer/deployment/ansible/roles/gitea/tasks/setup.yml
Michael Schiemer 36ef2a1e2c
fix: Gitea Traefik routing and connection pool optimization
- Remove middleware reference from Gitea Traefik labels (caused routing issues)
- Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s)
- Add explicit service reference in Traefik labels
- Fix intermittent 504 timeouts by improving PostgreSQL connection handling

Fixes Gitea unreachability via git.michaelschiemer.de
2025-11-09 14:46:15 +01:00

---
# Setup Gitea Initial Configuration
#
# These tasks configure an already deployed Gitea container (app.ini plus the
# first admin account); they never create the container themselves.

# A non-zero grep exit code is treated as "service not present"; the task
# itself never fails so the next task can print an actionable message.
- name: Verify Gitea container exists
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml ps {{ gitea_container_name }} | grep -q "{{ gitea_container_name }}"
  changed_when: false
  failed_when: false
  register: gitea_exists

# Abort early with the deployment command instead of letting later
# `docker compose exec` calls fail one by one.
- name: Fail if Gitea container does not exist
  ansible.builtin.fail:
    msg: "Gitea container does not exist. Please deploy Gitea stack first using: ansible-playbook -i inventory/production.yml playbooks/setup-infrastructure.yml --tags gitea"
  when: gitea_exists.rc != 0
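# Poll the health endpoint until it answers 200. 404 is listed as acceptable so
# that a not-yet-served endpoint keeps retrying instead of failing the task on
# the first attempt; `ignore_errors` lets the play continue into the
# configuration checks when the retry budget is exhausted.
# Skipped on a forced app.ini update, where the container may be unhealthy
# precisely because its current configuration is broken.
- name: Wait for Gitea to be ready
  ansible.builtin.uri:
    url: "{{ gitea_url }}/api/healthz"
    method: GET
    status_code: [200, 404]
    # TLS verification is off unless gitea_validate_certs is set, which keeps
    # the previous behaviour for self-signed or not-yet-issued certificates.
    # Set it to true once the endpoint has a trusted certificate; otherwise
    # this check accepts any endpoint that answers on the name.
    validate_certs: "{{ gitea_validate_certs | default(false) | bool }}"
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
  register: gitea_health
  until: gitea_health.status == 200
  retries: "{{ gitea_setup_health_retries | default(30) }}"
  delay: "{{ gitea_setup_health_delay | default(5) }}"
  ignore_errors: true
  changed_when: false
  when: not (gitea_force_update_app_ini | default(false) | bool)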
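# Fetch the landing page; its body is searched later for the install-wizard
# wording. 302 is accepted because redirects are not followed, 502 so that a
# proxy answering for a Gitea that is still down does not fail the play (the
# wizard strings will simply be absent from that body).
- name: Check if Gitea is already configured
  ansible.builtin.uri:
    url: "{{ gitea_url }}"
    method: GET
    status_code: [200, 302, 502]
    # Same opt-in as the health check: verification stays off unless
    # gitea_validate_certs is set.
    validate_certs: "{{ gitea_validate_certs | default(false) | bool }}"
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
    follow_redirects: none
    return_content: true
  register: gitea_main_check
  changed_when: false
  failed_when: false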
# Two facts from inside the container feed the setup decision below: is
# app.ini present, and does it already carry INSTALL_LOCK = true.
- name: Check if app.ini exists in container
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} test -f {{ gitea_app_ini_container_path }}
  changed_when: false
  failed_when: false
  register: gitea_app_ini_exists

# stdout is "not_set" when the lock line is absent (grep -q exits 1) or the
# file cannot be read (stderr is discarded); it stays empty when the lock is
# present. Only meaningful when the previous task found the file.
- name: Check if INSTALL_LOCK is set
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} grep -q "INSTALL_LOCK = true" {{ gitea_app_ini_container_path }} 2>/dev/null || echo "not_set"
  when: gitea_app_ini_exists.rc == 0
  changed_when: false
  failed_when: false
  register: gitea_install_lock_check
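# Setup is required when any of these holds: an operator forced an app.ini
# rewrite, the landing page still shows the install wizard, app.ini is missing
# from the container, or app.ini exists without INSTALL_LOCK = true.
# gitea_install_lock_check is skipped when app.ini is absent, so its stdout is
# undefined there; default('') keeps the expression valid and the rc != 0 term
# already forces setup in that case.
- name: Determine if Gitea needs setup
  ansible.builtin.set_fact:
    gitea_needs_setup: "{{ (gitea_force_update_app_ini | default(false) | bool) or ('installation' in (gitea_main_check.content | default('') | lower) or 'initial configuration' in (gitea_main_check.content | default('') | lower)) or (gitea_app_ini_exists.rc != 0) or (gitea_install_lock_check.stdout | default('') | trim == 'not_set') }}"

# "Already configured" is exactly the negation of the flag above (De Morgan of
# the same four terms). It is derived in a separate task because set_fact
# templates all of its arguments before assigning any of them, so the first
# fact is not visible inside the same task.
- name: Determine if Gitea is already configured
  ansible.builtin.set_fact:
    gitea_already_configured: "{{ not (gitea_needs_setup | bool) }}"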
# Summarise the evidence behind the setup decision; suppress with
# gitea_show_status: false. INSTALL_LOCK shows 'unknown' when app.ini was
# missing, because the lock check is skipped in that case.
- name: Display setup status
  when: gitea_show_status | default(true) | bool
  ansible.builtin.debug:
    msg: |
      Gitea Setup Status:
      - Main page status: {{ gitea_main_check.status }}
      - app.ini exists: {{ gitea_app_ini_exists.rc == 0 }}
      - INSTALL_LOCK set: {{ gitea_install_lock_check.stdout | default('unknown') }}
      - Force update: {{ gitea_force_update_app_ini | default(false) }}
      - Already configured: {{ gitea_already_configured }}
      - Needs setup: {{ gitea_needs_setup }}
# The admin password is only required when an admin account is going to be
# created, so an already configured instance passes without the vault value.
# A whitespace-only value counts as unset.
- name: Fail if admin password is not set
  when:
    - gitea_needs_setup | bool
    - gitea_admin_password | default('') | trim == ''
  ansible.builtin.fail:
    msg: |
      Gitea admin password is not set in vault.
      Please set vault_gitea_admin_password in:
      - deployment/ansible/secrets/production.vault.yml
      To set it, run:
      ansible-vault edit secrets/production.vault.yml --vault-password-file secrets/.vault_pass
      Then add:
      vault_gitea_admin_password: "your-secure-password"
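# Read the database settings the container was started with so that app.ini
# matches the compose environment. The dump includes GITEA__database__PASSWD,
# so the registered result is kept out of the play output with no_log
# (verbose runs would otherwise print stdout, password included).
- name: Get Gitea database configuration from environment
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} env | grep -E "^GITEA__database__" || true
  register: gitea_db_env
  changed_when: false
  failed_when: false
  no_log: true
  when: gitea_needs_setup | bool

# Each value falls back to a default when its variable is absent from the
# container environment. The 'gitea_password' fallback is a placeholder, not a
# credential to rely on: if PASSWD is missing, the generated app.ini will
# presumably not match the database, so fix the compose environment rather
# than this default. no_log keeps gitea_db_passwd out of verbose fact output.
- name: Parse database configuration
  ansible.builtin.set_fact:
    gitea_db_type: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__DB_TYPE=([^\n]+)', '\\1') or ['postgres']) | first }}"
    gitea_db_host: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__HOST=([^\n]+)', '\\1') or ['postgres:5432']) | first }}"
    gitea_db_name: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__NAME=([^\n]+)', '\\1') or ['gitea']) | first }}"
    gitea_db_user: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__USER=([^\n]+)', '\\1') or ['gitea']) | first }}"
    gitea_db_passwd: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__PASSWD=([^\n]+)', '\\1') or ['gitea_password']) | first }}"
  no_log: true
  when: gitea_needs_setup | bool

# Split "host:port"; the port defaults to 5432 when the host carries no port
# suffix (an out-of-range index yields an undefined value, which default() catches).
- name: Extract database host and port
  ansible.builtin.set_fact:
    gitea_db_hostname: "{{ gitea_db_host.split(':')[0] }}"
    gitea_db_port: "{{ (gitea_db_host.split(':')[1]) | default('5432') }}"
  when: gitea_needs_setup | bool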
# Server section: domain, root URL and SSH settings, read from the container
# environment so app.ini mirrors what the compose stack already declares.
- name: Get Gitea server configuration from environment
  when: gitea_needs_setup | bool
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} env | grep -E "^GITEA__server__" || true
  changed_when: false
  failed_when: false
  register: gitea_server_env

# Missing variables fall back to gitea_domain (and derived values) and SSH
# port 2222.
- name: Parse server configuration
  when: gitea_needs_setup | bool
  ansible.builtin.set_fact:
    gitea_domain_config: "{{ (gitea_server_env.stdout | default('') | regex_search('GITEA__server__DOMAIN=([^\n]+)', '\\1') or [gitea_domain]) | first }}"
    gitea_root_url: "{{ (gitea_server_env.stdout | default('') | regex_search('GITEA__server__ROOT_URL=([^\n]+)', '\\1') or ['https://' + gitea_domain + '/']) | first }}"
    gitea_ssh_domain: "{{ (gitea_server_env.stdout | default('') | regex_search('GITEA__server__SSH_DOMAIN=([^\n]+)', '\\1') or [gitea_domain]) | first }}"
    gitea_ssh_port: "{{ (gitea_server_env.stdout | default('') | regex_search('GITEA__server__SSH_PORT=([^\n]+)', '\\1') or ['2222']) | first }}"
# Service section: only DISABLE_REGISTRATION is consumed; it defaults to
# "true" (registration closed) and is lower-cased for the comparison in the
# template task.
- name: Get Gitea service configuration from environment
  when: gitea_needs_setup | bool
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} env | grep -E "^GITEA__service__" || true
  changed_when: false
  failed_when: false
  register: gitea_service_env

- name: Parse service configuration
  when: gitea_needs_setup | bool
  ansible.builtin.set_fact:
    gitea_disable_registration: "{{ (gitea_service_env.stdout | default('') | regex_search('GITEA__service__DISABLE_REGISTRATION=([^\n]+)', '\\1') or ['true']) | first | lower }}"
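# Render app.ini on the target host, then ship it into the container. The
# rendered file contains the database password (postgres_password below), so
# it is written owner-only; the copy task runs in the same task context and
# reads it as the same user, so it needs no wider permissions. Note that
# --diff output would print the rendered secrets.
- name: Generate app.ini file
  ansible.builtin.template:
    src: "{{ gitea_app_ini_template | default('../../templates/gitea-app.ini.j2') }}"
    dest: "{{ gitea_app_ini_path }}"
    mode: '0600'
  vars:
    gitea_domain: "{{ gitea_domain_config }}"
    postgres_db: "{{ gitea_db_name }}"
    postgres_user: "{{ gitea_db_user }}"
    postgres_password: "{{ gitea_db_passwd }}"
    # The env value was lower-cased when parsed, so a plain equality works.
    disable_registration: "{{ gitea_disable_registration == 'true' }}"
    ssh_port: "{{ gitea_ssh_port | int }}"
    ssh_listen_port: 22
  when: gitea_needs_setup | bool

# Best effort by design: a failed copy is reported but does not stop the play;
# the permission fix and restart below still run.
- name: Copy app.ini to Gitea container
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml cp {{ gitea_app_ini_path }} {{ gitea_container_name }}:{{ gitea_app_ini_container_path }}
  when: gitea_needs_setup | bool
  ignore_errors: true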
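# Probe `exec` until it succeeds so the chown/chmod below does not race a
# container that is still starting. Not run on a forced update, matching the
# earlier health wait; errors are ignored so the permission fix is attempted
# anyway.
- name: Wait for container to be ready for exec
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} true
  register: container_ready
  until: container_ready.rc == 0
  retries: "{{ gitea_config_retries | default(30) }}"
  delay: "{{ gitea_config_delay | default(2) }}"
  when:
    - gitea_needs_setup | bool
    - not (gitea_force_update_app_ini | default(false) | bool)
  changed_when: false
  ignore_errors: true

# `docker compose cp` leaves the file owned by the copying identity; hand it
# to uid/gid 1000 (presumably the Gitea process user, given the chown).
# 644 keeps app.ini readable by every uid inside the container; 640 would be
# enough for the owning user and group if the image ever runs other users.
- name: Set correct permissions on app.ini in container
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} chown 1000:1000 {{ gitea_app_ini_container_path }} && \
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} chmod 644 {{ gitea_app_ini_container_path }}
  when: gitea_needs_setup | bool
  ignore_errors: true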
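# Restart so the new app.ini is read. The restart counts as a change only when
# the compose command succeeded; the handler and the explicit wait below both
# key off that.
- name: Restart Gitea container
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml restart {{ gitea_container_name }}
  when: gitea_needs_setup | bool
  register: gitea_restart
  changed_when: gitea_restart.rc == 0
  notify: wait for gitea

# Block until the health endpoint answers 200 again; only after an actual
# restart and not on a forced update. Exhausting the retries is tolerated so
# the admin-user steps still get a chance to run.
- name: Wait for Gitea to be ready after restart
  ansible.builtin.uri:
    url: "{{ gitea_url }}/api/healthz"
    method: GET
    status_code: [200]
    # Verification is opt-in via gitea_validate_certs; the default keeps the
    # previous behaviour (no verification).
    validate_certs: "{{ gitea_validate_certs | default(false) | bool }}"
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
  register: gitea_health_after_restart
  until: gitea_health_after_restart.status == 200
  retries: "{{ gitea_restart_retries | default(30) }}"
  delay: "{{ gitea_restart_delay | default(5) }}"
  when:
    - not (gitea_force_update_app_ini | default(false) | bool)
    - gitea_restart.changed | default(false)
  changed_when: false
  ignore_errors: true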
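# Fixed grace period after the restart before the CLI is used against the
# same database (presumably to let Gitea finish its own initialisation).
- name: Wait for database to be initialized
  ansible.builtin.pause:
    seconds: "{{ gitea_setup_db_wait | default(10) }}"
  when: gitea_needs_setup | bool

# Match the username as a whole whitespace-delimited token. A bare `grep -q`
# is a substring match, so "admin" would be reported as existing merely because
# "my-admin" or "admin@example.org" appears somewhere in the listing, and the
# create step would then be skipped. Gitea usernames are restricted to
# letters, digits, '.', '-' and '_' (as far as its validation goes), so '.' is
# the only regex-significant character and it still matches itself.
# Runs as the git user like the create step, so the CLI does not risk leaving
# root-owned files behind.
- name: Check if admin user already exists
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T --user git {{ gitea_container_name }} \
      gitea admin user list --admin | grep -qE '(^|[[:space:]]){{ gitea_admin_username }}([[:space:]]|$)' || echo "not_found"
  register: gitea_admin_exists
  changed_when: false
  failed_when: false
  when: gitea_needs_setup | bool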
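# Create the first admin account. The arguments pass through the host shell,
# so they are shell-quoted with the `quote` filter: a password containing `$`,
# `"` or backticks would otherwise be expanded or break the command line.
# no_log keeps the password out of the play output; it is still briefly
# visible in the container's process list, which is inherent to the CLI's
# --password flag.
- name: Create admin user
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T --user git {{ gitea_container_name }} \
      gitea admin user create \
      --username {{ gitea_admin_username | quote }} \
      --password {{ gitea_admin_password | quote }} \
      --email {{ gitea_admin_email | quote }} \
      --admin \
      --must-change-password=false
  register: gitea_admin_create_result
  when:
    - gitea_needs_setup | bool
    - gitea_admin_exists.stdout | default('') | trim == 'not_found'
  # A non-zero exit is tolerated only when the CLI says the user already
  # exists (the existence check above and this call are not atomic).
  failed_when: gitea_admin_create_result.rc != 0 and 'already exists' not in (gitea_admin_create_result.stderr | default(''))
  no_log: true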
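# Final reachability check after setup; unlike the earlier probes this one
# fails the play on anything but 200/302, and does not follow the redirect.
- name: Verify Gitea is accessible
  ansible.builtin.uri:
    url: "{{ gitea_url }}"
    method: GET
    status_code: [200, 302]
    # Opt-in verification via gitea_validate_certs, default unchanged (off).
    validate_certs: "{{ gitea_validate_certs | default(false) | bool }}"
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
    follow_redirects: none
  register: gitea_access_check
  when: gitea_needs_setup | bool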
# Operator-facing summary after a fresh setup; the password itself is never
# echoed, only where it lives.
- name: Display success message
  when:
    - gitea_needs_setup | bool
    - gitea_show_status | default(true) | bool
  ansible.builtin.debug:
    msg: |
      ========================================
      ✅ Gitea Initial Setup Complete!
      ========================================
      Configuration:
      - app.ini created with INSTALL_LOCK = true
      - Admin user created: {{ gitea_admin_username }}
      - Email: {{ gitea_admin_email }}
      Next steps:
      1. Access Gitea: {{ gitea_url }}
      2. Login with:
      - Username: {{ gitea_admin_username }}
      - Password: (from vault: vault_gitea_admin_password)
      3. Configure Gitea Actions Runner (if needed):
      - Go to: {{ gitea_url }}/admin/actions/runners
      - Get registration token
      - Register runner using: deployment/gitea-runner/register.sh
      ========================================
# Printed on the no-op path, i.e. when none of the setup triggers fired.
- name: Display already configured message
  when:
    - gitea_already_configured | bool
    - gitea_show_status | default(true) | bool
  ansible.builtin.debug:
    msg: |
      ========================================
      Gitea is already configured.
      ========================================
      No setup needed. Access Gitea at: {{ gitea_url }}
      ========================================